using System.Net.Http;
using System.Web.Http.Controllers;
using Autofac;
using Autofac.Integration.WebApi;
using yiCommerce.Core;
using yiCommerce.Core.Domain.Securitys;
using yiCommerce.Service.Securitys;

namespace yiCommerce.Attributes.api
{
    public class AdminOrderAuthenticationApiAttribute : System.Web.Http.Filters.AuthorizationFilterAttribute
    {
        public override void OnAuthorization(HttpActionContext actionContext)
        {
            var scope = actionContext.Request.GetDependencyScope();
            var lscope = scope.GetRequestLifetimeScope();
            var workContext = lscope.Resolve<IWorkContext>();

            var permissionService = lscope.Resolve<IPermissionService>(); 
            bool result = permissionService.Authorize(StandardPermissionProvider.ManageOrders, workContext.CurrentCustomer.Id);
            if (!result)
            {
                actionContext.Response = new System.Net.Http.HttpResponseMessage(System.Net.HttpStatusCode.Unauthorized);
            }
        }
        
    }
}